Summary

Adobe has released security updates for Adobe Reader and Acrobat for Windows and Macintosh. These updates address vulnerabilities that could potentially allow an attacker to take over the affected system. Adobe recommends users update their product installations to the latest versions:

Users of Adobe Reader XI (11.0.10) and earlier versions should update to version 11.0.11.

Users of Adobe Reader X (10.1.13) and earlier versions should update to version 10.1.14.

Users of Adobe Acrobat XI (11.0.10) and earlier versions should update to version 11.0.11.

Users of Adobe Acrobat X (10.1.13) and earlier versions should update to version 10.1.14.

Affected software versions

Adobe Reader XI (11.0.10) and earlier 11.x versions

Adobe Reader X (10.1.13) and earlier 10.x versions

Adobe Acrobat XI (11.0.10) and earlier 11.x versions

Adobe Acrobat X (10.1.13) and earlier 10.x versions

Note: Adobe Acrobat Reader DC is not affected by the CVEs references in this bulletin.

Solution

Adobe recommends users update their software installations by following the instructions below:

Adobe Reader

The product's default update mechanism is set to run automatic update checks on a regular schedule. Update checks can be manually activated by choosing Help > Check for Updates.

Details

Adobe has released security updates for Adobe Reader and Acrobat for Windows and Macintosh. These updates address vulnerabilities that could potentially allow an attacker to take over the affected system. Adobe recommends users update their product installations to the latest versions:

Users of Adobe Reader XI (11.0.10) and earlier versions should update to version 11.0.11.

Users of Adobe Reader X (10.1.13) and earlier versions should update to version 10.1.14.

Users of Adobe Acrobat XI (11.0.10) and earlier versions should update to version 11.0.11.

Users of Adobe Acrobat X (10.1.13) and earlier versions should update to version 10.1.14.

These updates resolve use-after-free vulnerabilities that could lead to code execution (CVE-2015-3053, CVE-2015-3054, CVE-2015-3055, CVE-2015-3059, CVE-2015-3075).

These updates resolve heap-based buffer overflow vulnerabilities that could lead to code execution (CVE-2014-9160).

These updates resolve a buffer overflow vulnerability that could lead to code execution (CVE-2015-3048).